Biography: Ms Jennifer Luu is a student at the University of Technology, Sydney completing a Bachelor of Journalism. She also has begun producing stories at 2SER. I am appreciative that our interview on behavioural biometrics was transcribed by Jennifer. Here it is below, unchanged. An audio of the interview can be found here.

JL: 1. How does facial recognition technology such as iOmniscient in CCTV work?

KM: Facial recognition technology is a biometric system and literally it is looking at distinguished markers on the face and the distance between various items on the face, whether it’s your eyes, your mouth, your nose. And then basically matching your face to something in a database and that’s how you do an exact match or a fuzzy match. Facial recognition is not always 100% accurate. I mean, people change the way they look. They wear glasses, they wear scarves, they shave their hair. But those defining features really don’t move around. Like a nose, forehead and ears, so the distance is like a map for instance that you would use to navigate between one location and another. And so facial recognition makes use of those features on our face and then does an exact match or a fuzzy match or no match at all.

JL: 2. What is your opinion of using the software in surveillance, for example to reduce crime and detect criminals?

KM: It’s very interesting when we start to look at facial biometric systems. A lot of us uphold a lot of selfies to the internet, to facebook for instance. Facebook has been working with law enforcement for a really long time in order to do matching and people don’t realise this in the general community. For the police, Facebook is a one stop shop to look at and find potential suspects of crimes and then to correlate these images back to other images that might look like the suspect to try and get an exact make. So it is not like it hasn’t been happening previously but when we start to use facially recognition systems more broadly, in for instance, surveillance camera technology, to look at where people are, to identify potentially visitors in a particular country, to look out for particular types of criminals or suspected criminals, then we can see that this is something different to what it was originally intended for which was like to surveil movement and surveil people for example to ensure that, you know, shoplifting doesn’t occur in a premises. So when we start to look at mobile surveillance technology that has facial recognition inbuilt, a bit like the iOmniscient technology that is being developed for identification and detection, then we are starting to go into very different territory. It’s really about potentially racial profiling, behavioural surveillance and looking at what people are doing and detecting people with abnormal behaviour verses is potentially in the algorithm known as normal behaviour. It’s really about exceptions.

JL: 3. How can the algorithm predict what is abnormal as that is kind of subjective isn’t it?

KM: It is, it is really subjective. One of the products that iOmniscient actually offer to the public or offer to corporates is the ability to study a queue, and to look at the queue and to say “well, alright we can see this kind of queuing occurring dynamically and the system learns of the behaviour of those queuing and so for the vast amount of the population, they may queue for example, at an airport in order to get their passport stamped through immigration in a particular way, and, as I said previously, the algorithm is looking for exceptions based on learned behaviour in the first place and then differences from that behaviour. So if you are in a queue, you aren’t doing what most other people do in a queue, you might be singled out, even if you are completely innocent, when these systems are actually in focus. And then what happens is, because the machine might come up with an alert or a flag the human operator, who then intervenes to either question the individual or stop them, might feel they need to act based on the alert or the flag, without further questioning. That is very interesting. I think I’ve gone through a queue previously but for a full body scan and says you know “why have you chosen me instead of those behind me.” The human operator will always say “well it is random and it based on whether that LED goes red or green, and if it is green you have to be body scanned and then patted down” for instance. So it is very interesting how the human operator then responds to the algorithm decision making and that’s one of the worst issues I think at this point, is to look at subjective bias possibly in the algorithms and whether for instance they are singling out people of a racial minority, people who are different for instance, what do you do with people who are disabled? With people who are mentally ill who are queuing? And they haven’t done anything wrong but obviously they are carrying an illness but they may be singled out because they just look different.

JL: 4. With this kind of technology being trialled in Australia, what do you think this means for privacy in Australia?

KM: I think technology is racing far ahead of legality, of policy, and what we are seeing for instance, in the area of Toowoomba and one of the Gold Coast City Councils in Queensland, is that a system is currently being trialled in a Toowoomba City Council without the express permission or guidance or advice of the Queensland Privacy Commissioner Phillip Green. He came out recently in the Guardian and said quite a few vital things regarding privacy invasive behavioral recognition software. He did compare the system of iOmniscient to those racial profiling systems in the US with some very obvious bias. I mean we even see this with google algorithms, for instance, if you search ‘criminal and US’, most likely you will find a black, ethnic, minority group coming up. That is not too different from the way DNA biometric systems worked in the UK. We see, for instance, in DNA profiling in DNA biometrics, that 38% of black, ethnic, minorities, are identified in the DNA national database and the same will happen with photographs. They are just different biometrics. DNA is a biometric. It is unique to individuals. So are faces and so are fingers. And so when we are building these algorithms, whether it’s for google search engine, whether it’s for identifying a potential criminal in a queue, whether it is singling someone out or trying to target someone …. There is bias and that is something that you can try to make the algorithm learn otherwise but when all these red flags are coming up with people who look similar or who act similar, then quite possibly you are almost creating an algorithm that has a life of its own. Where artificial intelligence takes its own learned behaviour and goes forward assuming that the same is true in other situations. But that is one of the issues in camera analytics software and people like the Civil Liberties of Australia Group, The Australian Privacy Foundation, the Queensland Privacy Commission from the government Phillip Green, are basically saying “right it’s time for us to sit down and actually do a privacy risk assessment. Find out how are behavioural biometrics changing the game and how to we address the issues.” It is quite incredible to see that technology is being trialled but the Privacy Act is rather being ignored. As well as things like the Surveillance Devices Act and other things like Workplace Surveillance Acts in various States. What we are doing is almost going in contradiction to the laws that we have in Australia to protect citizenry and to do we really need these biometric behavioural systems at the city local council level? You know, I don’t think so. We have enough CCTV as it is.

JL: 4. Is it kind of hard to bring the legal side into it because from what I have seen, the Privacy Laws in Australia aren’t really uniform and they vary state by state so how difficult would it be to create uniform laws that addressed the technology?

KM: So we do have the Australian Privacy Act at the Federal level and then we have various state-wide Acts of course. And they differ, of course. So do the Surveillance Devices Acts between states and the workplace monitoring and surveillance acts, between states. And some States are more lenient than others. Some require you to actually inform an individual being recorded. Others don’t allow for visual and audio recordings. In terms of bringing things into uniformity, I don’t think that will happen in Australia because we have these state based law. But I do think that we are going to see very interesting amendments to current Acts. For example, in the Northern Territory, we had the Justice Act amended to allow for recordings of victims of domestic violence so that the evidence of bruising, or other physical abuse could be put forward in a State Court, but this was an amendment. So what I think will happen in Australia is that we will see continually amendments occur, but when technology is pushing the boundary, it is almost that the laws are lagging far behind. SO it is not even a problem of one state differing to another, it is the law not even having any idea what to do with this kind of behavioural surveillance technology. For instance, what is happening with the biometric data being gathered in real time and actually acted upon to make decisions in real time? Where is that data being stored? Are the makers of the software at all liable for wrong decisions that have been made? For example, placing innocent people on a suspects list. How do you then tell somebody, you know, “you are not aware of this but actually you were suspected by one of our behavioral surveillance technologies devices that you were a prospective terrorist trying to do something.” And they are currently innocent people. How after you’ve muddied someone’s reputation, and they are not aware of it, completely ignorant of the fact that they were flagged by this visual surveillance system, how do you then recompense them for the fact that they haven’t done anything and yet they have been accused? Even if no charges have been pressed, they’ve been questioned, they’ve been made alarmed. There whole well being and safety has felt contra to the whole reasons these surveillance are being purportedly put in. Here we are saying we are introducing these systems at borders to increase the safety of our citizenry and of visitors to our nation, but in actual fact what you are doing is making somebody feel unsafe by as flagging them as a criminal when they are not. So it is contra to the aims of the application and I guess it all depends on which stakeholder you are and who you think you’re protecting, and what you think the systems aims are. I mean, we had heard of many cases where people had been caught on CCTV, had been further questioned later for a crime, like a murder, and have then based on the feeling or fear, gone and killed themselves, taken their own life, because they’ve been flagged in one of these systems. People don’t know, during the Boston Marathon somebody who was identified prematurely as being one of the people who detonated one of the bombs actually took his own life because he felt like he was being chased by the authorities and yet he was completely innocent. The guilty man was found later.

JL: 4. That’s a really serious aspect of this, so the last question I have is, do you think this type of biometric surveillance is going to become more and more popular in future?

KM: Yes, I mean we are going towards a Minority Report future. That film starring Tom Cruise, is actually very well cemented in so many peoples’ minds. As he is walking through a shopping centre and his iris is being recognised, and his face is being identified via biometrics. Are we going to that? I think we’re sleepwalking towards that type of society. We already see the proliferation of unmanned CCTV cameras in the UK. There are these alarming statistics, so many CCTV cameras per person. And in Australia for instance, we have calculated the number of minutes that people are captured on footage on CCTV, so you really can’t go about your day with any privacy in a public setting. And that is creating stresses between private situations in public spheres. But I think we need to raise alarm bells. What’s coming with human activity monitoring and camera analytics of video footage is something completely different. I mean, you can imagine in the future, one camera being able to hear what you’re saying, see you, listen to your audio actual use a technology that transmits and translates your voice to actual text and then mining what you are talking about. What kind of a world would that be? And so when we’re saying that these camera surveillance technologies will curb antisocial behaviour, I think what will occur is a great risk to societies … and trust because then we will stop actually saying what we’re thinking to our loved ones if we are in public, we will stop sharing intimate conversations in public spheres. For example, in a coffee shop. And we will start to play to a theatre because we will think we will be monitored by visual systems, by audio systems, and then by authorities who could possibly take what we’re saying, the way we are looking completely out of context. And this is the whole thing. The company iOmniscient has chosen a very interesting name but my work and that of MG Michael in the sphere of uberveillance is actually saying there is no such thing as technology-based ‘omniscience’, there is no such thing as an all seeing eye in real time, because context is always missing from situations and events. So I don’t want us to walk down this path but it seems with ongoing councils around the world adopting these technologies and countries and cities, for instance in Bahrain, using iOmniscient technology, according to many people in human rights NGO’s are saying that they are actually targeting visitors and placing them behind bars when they are identified and detected at various locations. I don’t want to walk into that kind of society. I would love to keep our freedoms and our human rights intact.

This interview with Kallistos Ware took place in Oxford, England, on October 20, 2014. The interview was transcribed by Katina Michael and adapted again in Oxford, on October 18, 2016, by Metropolitan Kallistos in preparation for it to appear in print. MG Michael predominantly prepared the questions that framed the interview.

Biography

Born Timothy Ware in Bath, Somerset, England, Metropolitan Kallistos was educated at Westminster School (to which he had won a scholarship) and Magdalen College, Oxford, where he took a Double First in Classics as well as reading Theology. In 1966 Kallistos became a lecturer at the University of Oxford, teaching Eastern Orthodox Studies, a position he held for 35 years until his retirement. In 1979, he was appointed to a Fellowship at Pembroke College, Oxford.

Do You Differentiate between the Terms Science and Technology? And is there a Difference between the Terms in Your Eyes?

Science, as I understand it, is the attempt systematically to examine reality. So in that way, you can have many different kinds of science. Physical science is involved in studying the physical structure of the universe. Human science is examining human beings. Thus the aim of science, as I understand it, is truth. Indeed, the Latin term scientia means knowledge. So, then, science is an attempt through the use of our reasoning brain to understand the world in which we live, and the world that exists within us. Technology, as I interpret it, means applying science in practical ways, producing particular kinds of machines or gadgets that people can use. So science provides the basis for technology.

What Does Religion have to Say on Matters of Science and Technology?

I would not call religion a science, though some people do, because religion relies not simply on the use of our reasoning brain but it depends also on God's revelation. So religion is based usually on a sacred book of some kind. If you are a Christian that means the Bible, the Old and New Testaments. If you are a Muslim, then the Old Testament and the Quran.

So science as such does not appeal to any outside revelation, it is an examination of the empirical facts before us. But in the case of religion, we do not rely solely on our reasoning brain but on what God has revealed to us, through Scripture and in the case of an Orthodox Christian, through Scripture and Tradition. Technology, is something we would wish to judge in the light of our religious beliefs. Not all of the things that are possible for us to do applying our scientific knowledge are necessarily good. Technology by itself cannot supply us with the ethical standards that we wish to apply. So then religion is something by which we assess the value or otherwise of technology.

Could We Go Insofar as Saying that Science and Religion Could be in Conflict? Or at Least is there a Point Where they Might Become Incompatible One with the Other?

I do not believe that there is a fundamental conflict between science and religion. God has given us a reasoning brain, he has given us faculties by which we can collect and organize evidence. Therefore, fundamentally all truth is from God. But there might be particular ways of using science which on religious grounds we would think wrong. So there is not a fundamental conflict, but perhaps in practice a certain clash. Problems can arise when, from the point of view of religion, we try to answer questions which are not strictly scientific. It can arise when scientists go beyond the examination of evidence and form value judgements which perhaps could conflict with religion. I would see conflict arising, not so much from science as such in the pursuit of truth, but from scientism, by which I mean the view that methods of scientific enquiry necessarily answer all the questions that we may wish to raise. There may be areas where science cannot give us the answer. For example, do we survive death? Is there a future life? That is to me a religious question. And I do not think that our faith in a future life can be proved from science, nor do I think it can be disproved by science. Equally, if we say God created the world, we are making a religious statement that in my view cannot be proved or disproved by science. So religion and science are both pursuing truth but on different levels and by different methods.

Are there Any Principles or Examples in the Judeo-Christian Tradition Which Point to the Uses and Abuses of Technology?

One precious element in the Judeo-Christian tradition is respect for the human person. We believe as Christians that every person is of infinite value in God's sight. Each person is unique. God expects from each one of us something that he doesn't expect from anyone else. We are not just repetitive stereotypes. We are each made in the image and likeness of God, and we realize that likeness and image, each in our own way. Humans are unique basically because we possess freedom. Therefore we make choices. And these choices which are personal to each one of us determine what kind of person we are. Now, any technology which diminishes our personhood, which degrades us as humans, this I see as wrong. For example, to interfere with people's brains by medical experimentation, I would see as wrong. Medicine that aims to enable our bodies and our minds to function correctly, that clearly I would see as good. But experiments that have been done by different governments in the 20th century, whether by Communism or in Nazi Germany, that I would see as an abuse of technology because it does not show proper respect for the integrity of the human person. So this would be my great test - how far technology is undermining our personhood? Clearly our freedom has to be limited because we have to respect the freedom of other people. And therefore, much of politics consists of a delicate balancing of one freedom against another. But technology should be used always to enhance our freedom, not to obliterate it.

How did the Ancient World Generally Understand and Practice Technology?

Interpreting technology in the broadest possible sense, I would consider that you cannot have a civilized human life without some form of technology. If you choose to live in a house that you have built yourself or somebody else has built for you, instead of living in a cave, already that implies a use of technology. If you wear clothes woven of linen, instead of sheepskins or goatskins, that again is a use of technology. In that sense, technology is not something modern, it came into existence as soon as people began using fire and cooking meals for themselves, for example. Clearly, the amount of technology that existed in the ancient world was far less than what we have today. And most of the technological changes have come, I suppose, in the last 200 years: the ability to travel by railway, by car, and then by plane; the ability to use telephones and now to communicate through the Internet. All of this is a modern development. Therefore we have an elaboration of technology, far greater than ever existed in the ancient world. That brings both advantages and risks. We can travel easily and communicate by all kinds of new means. This in itself gives us the opportunity to do far more, but the advantages are not automatic. Always it is a question of how we use technology. Why do we travel quickly from place to place? What is our aim? When we communicate with the Internet, what is it that we are wishing to communicate to one another? So value judgements come in as to how we use technology. That we should use it seems to me fully in accordance with Christian tradition. But the more complex technology becomes, the more we can do through technology, the more questions are raised whether it is right to do these things. So we have a greater responsibility than ever people had in the ancient world, and we are seeing the dangers of misuse of our technology, in for example the pollution of the environment. For the most part the ecological crisis is due to the wrong use of our technological skills. We should not give up using those skills, but we do need to think much more carefully how and why we are using them.

In What Ways has Technology Impacted Upon Our Practice of Religion? Is there Anything Positive Coming from this?

One positive gain from technology is clearly the greater ease by which we can communicate. We can share our ideas far more readily. A huge advance came in the fifteenth century with the invention of printing. You no longer had to write everything out by hand, you could produce things in thousands of copies. And now of course a whole revolution that has come in through the use of computers, which again renders communication far easier. But once more we are challenged: we are given greater power through these technological advances, but how are we going to use this power? We possess today a knowledge that earlier generations did not possess, quantitative, information, technological, and scientific facts that earlier ages did not have. But though we have greater knowledge today, it is a question whether we have greater wisdom. Wisdom goes beyond knowledge, and the right use of knowledge has become much more difficult. To give an example from bioethics: We can now interfere in the processes of birth in a way that was not possible in the past. I am by no means an expert here, but I am told that it is possible or soon will be for parents to choose the sex of their children. But we have to ask: Is it desirable? Is it right, from a Christian point of view that we should interfere in the mystery of birth in this way? My answer is that parents should not be allowed to choose the sex of their child. This is going beyond our proper human responsibility. This is something that we should leave in the hands of God, and I fear that there could be grave social problems if we started choosing whether we would have sons or daughters. There are societies where girls are regarded as inferior, and in due course there might arise a grave imbalance between the sexes. That is just one illustration of how technology makes things possible, but we as Christians on the basis of the teaching of the church have certain moral standards, which say this is possible but is not the right thing to do. Technology in itself, indeed science in itself, cannot tell us what is right or wrong. We go beyond technology, and beyond the strict methods of science, when we begin to express value judgements. And where do our values come from? They come from our religious belief.

How are We to Understand the Idea of Being Created in the “Image and Likeness” of God in the Pursuit of the Highest Levels and Trajectories of Technology?

There is no single interpretation in the Christian tradition of what is meant by the creation of the human person according to the image and likeness of God. But a very widespread approach, found for example among many of the Greek fathers, is to make a distinction between these two terms. Image on this approach denotes the basic human faculties that we are given; those things which make us to be human beings, the capacities that are conferred on every human. The image is as it were, our starting point, the initial equipment that we are all of us given. The likeness is seen as the end point. The likeness means the human person in communion with God, living a life of holiness. Likeness means sanctity. The true human being on this approach is the saint. We humans, then, are travellers, pilgrims, on a journey from the image to the likeness. We should think of the human nature in dynamic terms. Fundamental to our personhood is the element of growth. Now, the image then means that we possess the power of rational thinking, the power of speech, articulate language with which we can communicate with others; it means therefore reason in the broadest sense. More fundamentally, it means that we humans have a conscience, a sense of right or wrong, that we make moral decisions. Most fundamentally of all, the image means that we humans have God-awareness, the possibility to relate to God, to enter into communion with him through prayer. And this to me is the basic meaning of the image, that we humans are created to relate to God. There is a direction, an orientation in our humanness. We are not simply autonomous. The human being considered without any relationship to God is not truly human. Without God we are only subhuman. So the image gives us the potentiality to be in communion with God, and that is our true nature. We are created to live in fellowship and in communion with God the Creator. So the image means you cannot consider human beings simply in isolation, as self-contained and self-dependent but you have to look at our relationship with God. Only then will you understand what it is to be human.

At What Point Would Theologians or Ethicists Reckon we Have Crossed the Line from Responsible Innovation and Scientific Enquiry over into “Hubris”?

As a Christian theologian, I would not wish to impose, as if from a higher authority, limits on scientific enquiry. As I said earlier, God has given us the power to understand the world around us. All truth comes from him. Christ is present in scientific enquiry, even if his name is not mentioned. Therefore, I do not seek in a theoretical way to say to the scientist: Thus far and no further. The scientist, using the methods of enquiry that he has developed, should continue his work unimpeded. One cannot say that any subject is forbidden for us to look at. But there is then the question: how do we apply our scientific knowledge? Hubris comes in when scientists go beyond their proper discipline and try to dictate how we are to live our lives. Morality does not depend solely on scientific facts. We get our values, if we are Christians, from our faith. Modern science is an honest enquiry into the truth. So long as that is the case, we should say to the scientist: please continue with your work. You are not talking about God, but God is present in what you are doing, whether you recognize that or not. Hubris comes in when the scientist thinks he can answer all the questions about human life. Hubris comes in when we think we can simply develop our technology without enquiring: is this a good or bad application of science?

Is that Well-Known Story of the Tower of Babel from the Book of Genesis 11:1-9 at all Relevant with its Dual Reference to “Hubris” and “Engineering”?

Yes, that is an interesting way of looking at the story of the Tower of Babel. The story of the Tower of Babel is basically a way of trying to understand why it is that we humans speak so many different languages and find such difficulty in communicating with one another. But underlying the story of Babel exactly is an overconfidence in our human powers. In the story of the Tower of Babel, the people think that they can build a tower that will reach from earth to heaven. By the power of engineering they think they can bridge the gap between the human and the divine. And this exactly would be attributing to technology, to our faculty for engineering, something that lies beyond technology and beyond engineering. Once you are moving from the realm of factual reality to the realm of heaven, then you are moving into a different realm where we no longer depend simply on our own powers of enquiry and our own ability to apply science. So exactly, the story of the Tower of Babel is a story of humans thinking they have unlimited power, and particularly an unlimited power to unite the earthly with the heavenly, whereas such unity can only come through a recognition of our dependence on God.

Why Cannot or Should We Not Explore and Innovate, and Go as Far as is Humanly Possible with Respect to Innovation, if We Carry the Seed of God's Creative Genius within Us?

Yes, we carry the seed of God's creative genius within us, but on the Christian world view we humans are fallen beings and we live in a fallen world. Now, how the fall is interpreted in Christian tradition can vary, but underlying all understandings of the fall is the idea that the world that we live in has in some way or another gone wrong. There is a tragic discrepancy between God's purpose and our present situation. As fallen human beings, therefore, we have to submit our projects to the judgement of God. We have to ask, not only whether this is possible but whether this is in accordance with the will of God. That obviously is not a scientific or technological question. It is not a question of what is possible but of what is right. Of course, it is true that many people do not believe in God, and therefore would not accept what I just said about this being a fallen world. Nevertheless they too, even those who have no belief in God, have to apply a moral understanding to science and technology. I hope they would do this by reflecting on the meaning of what it is to be human, on the value of personhood. And I believe that in this field it is possible, for Christians and non-Christians, for believers and unbelievers, to find a large measure of common ground. At the same time, we cannot fully understand our limitations as fallen human beings without reference to our faith. So the cooperation with the non-believer only extends to a certain limited degree.

Can a Particular Technology, for Instance Hardware or Software, be Viewed as Being “Immoral”?

One answer might be to say technology is not in itself moral or immoral. Technology simply tells us what is possible for us to do. Therefore, it is the use we make of technology that brings us to the question of whether a thing is moral or immoral. On the other hand, I would want to go further than that, to say that certain forms of technology might in themselves involve a misuse of humans or animals. I have grave reservations, for example, about experiments on animals by dissection. Many of the things that are done in this field fail to show a proper respect for the animals as God's creation. So, it is not perhaps just the application of technology that can be wrong but the actual technology itself, if it involves a wrong use of living creatures, humans or animals. Again, a technology that involves widespread destruction of natural resources, that pollutes the world round us, that too, I would say in itself is wrong, regardless of what this technology is being used for. Often it must be a question of balancing one thing against another. All technology is going to affect people, one way or another. But there comes a point where the effect is unacceptable because it is making this world more difficult for other humans to live in. It is making the world unsuitable for future generations to survive within. Thus, one cannot make a sharp distinction between the technology in itself and how we apply it. Perhaps the technology itself may involve a wrongful use of humans, animals, or natural things; wrongful because it makes the world somehow less pleasant and less healthy for us to live in.

Is Religious Faith in Any Way Threatened by Technology?

If we assume a scientific approach, that assumes that humans are simply elaborate machines, and if we develop technologies which work on that basis, I do think that is a threat to our religious faith, because of my belief in the dignity and value of the human person. We are not simply machines. We have been given free will. We have the possibility to communicate with God. So in assuming that the human being is merely a machine, we are going far beyond the actual facts of science, far beyond the empirical application of technology, since this is an assumption with deep religious implications. Thus there can be conflict when science and technology go beyond their proper limits, and when they do not show respect for our personhood.

Can Technology Itself become the New Religion in its Quest for Singularitarianism - the Belief in a Technological Singularity, where we are Ultimately Becoming Machines?

Yes. If we assume that science and technology, taken together, can answer every question and solve every problem, that would be making them into a new religion, and a religion that I reject. But science and technology do not have to take that path. As before, I would emphasize we have to respect certain limits, and these limits do not come simply from science or technology. We have, that is to say, to respect certain limits on our human action. We can, for example, by technology, bring people's lives to an end. Indeed, today increasingly we hear arguments to justify euthanasia. I am not at all happy about that as a Christian. I believe that our life is in God's hands and we should not decide when to end it, still less should we decide when to end other people's lives. Here, then, is a very obvious use of technology, of medical knowledge, where I feel we are overstepping the proper limits because we are taking into our hands that which essentially belongs to God.

Can You Comment on the Modern Day Quest toward Transhumanism or what is Now Referred to as Posthumanism?

I do not know exactly what is meant by posthumanism. I see the human person as the crown and fulfilment of God's creation. Humans have uniqueness because they alone are made in the image and likeness of God. Could there be a further development in the process of evolution, whereby some living being would come into existence, that was created but on a higher level than us humans? This is a question that we cannot really answer. But from the religious point of view, speaking in terms of my faith as a Christian, I find it difficult to accept the idea that human beings might be transcended by some new kind of living creature. I note that in our Christian tradition we believe that God has become human in Christ Jesus. The second person of the Trinity entered into our human life by taking up the fullness of our human nature into Himself. I see the incarnation as a kind of limit that we cannot surpass and that will not be superseded. And so I do not find it helpful to speculate about anything beyond our human life as we have it now. But we are not omniscient. All I would say is that it will get us nowhere if we try to speculate about something that would transcend human nature. The only way we can transcend human nature is by entering ever more fully into communion with God, but we do not thereby cease to be human. Whether God has further plans of which we know nothing, we cannot say. I can only say that, within the perspective of human life as we know it, I cannot see the possibility of going beyond the incarnation of Christ.

Is Human Enhancement or Bodily Amplification an Acceptable Practice When Considered against Medical Prosthesis?

Human enhancement and bodily amplification are acceptable if their purpose is to enable our human personhood to function in a true and balanced way but if we use them to make us into something different from what we truly are, then surely they are not. Of course that raises the question of acceptable, what we truly are. Here the answer, as I have already said comes not from science but from our religious faith.

What if Consciousness Could Ever be Downloaded through Concepts Such as “Brain in a Vat”?

[Sigh]. I become deeply uneasy when such things are suggested, basically because it undermines the fullness of our personhood. Anything that degrades living persons into impersonal machines is surely to be rejected and opposed.

In the Opposite Vein, What if Machines Were to Achieve Fully Fledged Artificial Intelligence through Advancement?

When I spoke of what it means for humans to be created in God's image, I mentioned as the deepest aspect of this that we have God-awareness. There is as it were in our human nature a God-shaped hole which only He can fill. Now perhaps robots, automatic machines, can solve intellectual problems, can develop methods of rational thought, but do such machines have a sense of right or wrong? Still more, do such machines have an awareness of God? I think not.

What is so Unique about Our Spirit Which We Cannot Imbue Or Suggest into Future Humanoid Machines?

The uniqueness of the human person for me is closely linked with our possession of a sense of awe and wonder, a sense of the sacred, a sense of the divine presence. As human beings we have an impulse within us that leads us to pray. Indeed, prayer is our true nature as humans. Only in prayer do we become fully ourselves. And to the qualities that I just mentioned, awe, wonder, a sense of the sacred, I would add a sense of love. Through loving other humans, through loving the animals, and loving God, we become ourselves, we become truly human. Without love we are not human. Now, a machine however subtle does not feel love, does not pray, does not have a sense of the sacred, a sense of awe and wonder. To me these are human qualities that no machine, however elaborate, would be able to reproduce. You may love your computer but your computer does not love you.

Where Does Christianity Stand on Organ Donation and Matters Related to Human Transplantation? Are there Any Guidelines in the Bioethics Domain?

In assessing such questions as organ donations, heart transplants, and the like, my criterion is: do these interventions help the human person in question to lead a full and balanced human life? If organ transplants and the like enhance our life, enable us to be more fully ourselves, to function properly as human beings, then I consider that these interventions are justified. So, the question basically is: is the intervention life enhancing?

That would bring me to another point. As Christians we see this life as a preparation for the life beyond death. We believe that the life after death will be far fuller and far more wonderful than our life is at present. We believe that all that is best in our human experience, as we now know it, will be reaffirmed on a far higher level after our death. Since the present life is in this way a preparation for a life that is fuller and more authentic, then our aim as Christians is not simply to prolong life as long as we can.

Can You Comment on One's Choice to Sustain Life through the Use of Modern Medical Processes?

The question therefore arises about the quality of life that we secure through these medical processes. For example, I recall when my grandmother was 96, the doctors suggested that various things could be done to continue to keep her alive. I asked how much longer will they keep her alive and the answer was, well perhaps a few months, perhaps a year. And when I discovered that this meant that she would always have various machines inserted into her that would be pumping things into her, I felt this is not the quality of life that I wish her to have. She had lived for 96 years. She had lived a full and active life. I felt, should she not be allowed to die in peace without all this machinery interfering in her. If on the other hand, it were a question of an organ transplant, that I could give to somebody who was half her age, and if that afforded a prospect that they might live for many years to come, with a full and active existence, then that would be very different. So my question would always be, not just the prolonging of life but the quality of the life that would be so prolonged. I do not, however, see any basic religious objection to organ transplants, even to heart transplants. As long as the personality is not being basically tampered with, I see a place for these operations. Do we wish to accept such transplants? That is a personal decision which each one is entitled to make.

ACKNOWLEDGMENT

This interview transcript has previously been published by the University of Wollongong, Australia.

Katina Michael interviews amal graafstra [1] about his forthcoming intiative MyUki.com (pronounced /yoo kee/) (Figure 1). UKI is an implantable near-field communication (NFC) platform for identity’ security, cryptography, and payment applications. Graafstra is the entrepreneur who started Dangerous Things. com in 2013 (Figure 2), and, in this interview, he speaks on the changes he has witnessed since the Maker Revolution. Graafstra believes it is time to move ahead with products and services that can be consumed by the general population, not just members of the tech community. He observes the shortcomings of our online identities that are owned by companies and not individuals and is proposing a way to integrate biological identity using an embedded implant that will give the user greater control over all of his or her transactions. While UKI is mostly about security, cryptography, and bitcoin transactions, Graafstra is also looking at various ways his product might be used, everything from access control, transit ticketing, e-payments, and privacy applications [2].

Figure 1. www.myuki.com is scheduled to launch in fall 2016.

Katina Michael: It's been over ten years since you wrote your first book, RFID Toys [3], and a lot has happened since then. But in summary, what has changed for you during that time?

Amal Graafstra: Technology wise, not much. Personal philosophy, personal security, transhumanism, life extension, a lot has changed. In 2005, when I wrote the book, it was kind of a technological curiosity. There was a lot of hubbub around RFID implants, which ultimately died down [4]. There was really an argument around consent [5], but it wasn't really a practical argument. After the Maker Revolution was born, say around 2008, people started making and creating things in their garages again. Also out of that movement, the maker concepts ventured into the biological space. People started thinking why would they buy that real-time polymerase chain reaction machine for US2,500?

The idea that hacker ethics and methodology could be applied to biology and all those things, spurred on discussion of transhumanism, of the singularity, and more. For me, the conversation started around privacy and security, and the context of that around transponders didn't make any sense. To me, there was very little impact to personal privacy and no impact really on security. I mean, my RFID-enabled door stopped being susceptible to lock pickers and became susceptible to people who had RFID emulators. So it didn't really change the security issue, except I think there are a lot less people with emulators around to get through my front door than there are lock pickers, and the requirements are more difficult. An emulator must first scan my tag then emulate it, where a lock picker can just attack the lock directly. So maybe in some small sense, I became a little bit more secure with my implants.

Figure 2. Graafstra's www.dangerousthings.com has been operating since 2013.

But, really, the discussion around humancentric implants—what it means to be human, what it means to be augmented—challenged some people fervently. I found it difficult to understand when the idea was a very simple concept, whereas a pacemaker or a cochlear implant does not get that kind of attention and, perhaps, it is because it is purely restorative medicine and not augmentation by choice. So I tried to comprehend why augmentation received so much resentment from some people, and I think it is because there is fear around the technology and people are misinterpreting or misunderstanding the technology's capability. Really, it was coming down to having to defend the technology and defend my choice to have implants, actively refining my arguments and really getting myself involved in discussions about the future of humanity and the mission of humanity beyond our capabilities. It forced me to play the philosopher a little bit. You know, this hits on everything from religion to politics to everything.

Michael: I think, Amal, you are right. Religion and politics are two very divisive issues when one considers their position in emerging technological issues and social implications [6]. These user sentiments and beliefs will either drive adoption of embedded systems or cause a lag in the diffusion of the technology. So I think talking about these things openly is vital [7]. From the quantitative studies we ran in 2010–2012, we found these were indeed the very dominant themes that emerged when we codified the open comments [8]. It also had to do with ethics [9], power, control, access, trust [10], security [11], and privacy [12]. But most importantly, the freedom of the individual to accept or reject such a proposition [13], [23].

Graafstra: Yes, I very much agree that individuals have the right to do what they want with their own bodies. And that is a fundamental human right, when you look at various aspects of life, not just the introduction of an implant into the human body.

Michael: I wanted to ask you about DangerousThings.com now [14] and what you have learned from the experience of launching a company on RFID/NFC implants for the wider consumer market (see Figure 3). Is there a subculture forming whether we call them body modifiers, or grinders, or biohackers, or implantees?

Graafstra: The main thing I am seeing is the fundamental change or shift in the type of customer. The first year was all about technology-aware people that understood RFID or NFC. They were building their own projects, so they understood how to build them; they were very excited. Now, the general customer is less so. The general customer is like, “Oh that's interesting, I have NFC on my phone, and what can I do with the implants? Is this something I can get into my house with?” [15]. They are not really aware of how the technology works exactly. They just think it is interesting and cool.

People are more accepting of the idea of an implant now, and they kind of view it more as body jewelry. So the question they are asking themselves is like, “Should I get a body piercing or an RFID implant?” It's all the same [16]. So as far as biohackers as a community, a small community has come together, and people are doing things, and I find society's reaction in general to be interesting. The awareness of implants of this nature, especially over a decade now from the first coverage, has seeped into people's general consciousness. I've talked to some people who say, “Oh, I've never heard of that.” But I am sure somewhere they have heard of it but it has not registered what it means exactly. So the general reaction I was getting ten years ago was very visceral responses like “ew,” but now it is like, “Oh, hmm,” and it is far less violently opposed. I think, in general, society is changing to be a little more open or understanding of these things. And even if they don't like it, it is not a kind of violent reaction [17].

Michael: Our research on uberveillance [18] and the multicountry quantitative surveys we've done are telling us something similar, although some of our responses between 2011 and 2013 were recurring: “it's creepy,” “ohh,” “stupid,” “no way,” “too scary,” “yuck,” etc. However, there are slightly more people considering RFID implants now as a plausible future [19]. We asked small business owners whether they were willing to adopt an implant, and more than 80% of people fell in the “no” or “maybe” bands. Over the three years we ran the survey, we did not see a significant change in the “yes” response, but we have seen more people move into the “maybe” band, which is also interpreted as “undecided” and “I don't know,” and so whereas in 2010 people would have just replied “no way,” more people are shifting to sitting on the fence with a decision. And most of the time, the “maybe” responses were qualified with an imperative health and safety comment or security response or ownership and access issue, etc. These figures are commensurate with last year's Lloyds Bank survey that claimed that as many as 7% of Brits would take an implant for e-payment, although we don't know the sample size of their survey [20]. In 2010, a survey run by IT industry lobby group BITKOM, found that 23 out of 1,000 German respondents “would accept a microchip implanted in their body if that would bring concrete benefits” [21]. So in just five years, that is a 5% swing, although we are speaking of two different markets in the European Union.

Graafstra: And I think that is probably the most important thing for implants as a product, that it seems that it is becoming more widely accepted in the general public.

Michael: So why create the www.myuki.com brand? I would like to ask you about what services you are going to launch (e.g., the bitcoin e-payment implant) and whether or not MyUki will be a part of the Internet of Things or will it be a separate crypto initiative that does not directly involve third parties?

Graafstra: Very briefly now: The infrastructure (and here I mean services like Facebook and online banking) of the Internet is not set up in a way that people own their identity. You are never sure when you get a response from someone whether you are really talking to that person. The reality is that we set up these proxy identities. We have our biological identities, that is ourselves, and then our digital identities, a collection of all of these proxy accounts that act as “you” online. So somebody on Facebook wants to message as you. If they have your account credentials, they can send a message as if they were “you.” Of course, people would realize it was not you if there was a radical message sent out, but if it was subtle, nobody would detect you hadn't sent the message in the first place. So if it was covert, or subversive, it would be indistinguishable from the real “you.” So if you log on to your bank account and you tell the application to transfer money out of your account, the bank just does that on your behalf. And the fundamental issue is that the bank owns that identity too; you do not. Facebook owns that identity; you do not. All of these things, the third party owns the identity elements; you do not.

Something like UKI, where you can biologically and cryptographically prove your identity and you can validate transactions, is necessary. Imagine a future where you go to the bank or log in, and that is fine because a hacker could log in too and see your account details, but they could not issue a transaction like “transfer this amount” from A to B. The bank has to put all the transactions in a blockchain ledger, which is publicly accessible. And if the bank moves your money, that transaction is moved by the bank and recorded as such in the ledger, but if you move that money, then that transaction is signed by you. If somebody else who does not have a valid signature tries to transfer your money, they cannot do it. So in one sense, you would own your bank account [22], but currently, it is still owned by the bank. The same would go for your messaging and your Facebook account. You would have ownership over your identity, and that requires a fundamental change in how identity is handled online and how it is handled within political systems.

For example, Estonia has an Estonian Residency Card, which is cryptographic, that needs to be used for setting up accounts, processing transactions, and interacting with the government as a form of identification, but it is a card, it is a token, an object. And all of these can be lost, forgotten, or stolen. You know, two-factor authentication for websites. I can turn it on, but there are always back doors subject to hacking. The back doors are there to enable people who've lost their security token to still get in. They are not locked out. But these back doors are weak and susceptible to hacking, so there is no real point to two-factor authentication because it does not solve the problem at hand. So I've tried to create something that is reliable, robust, permanent, and it bonds your biological identity to your digital identity. And that's really what I am trying to start with MyUki (Figure 1).

Michael: I see the intent here. I also see the pull away from large corporations in some sense and their hold on consumers, going with this kind of personal ID solution. I think both government and industry would find this a difficult concept to work with because, ultimately, it has to do with control and how services are provisioned. The other thing is how consumers will perceive such a service, and right now, our research is telling us that the vast majority of people don't like the idea of implants, as they believe they are losing control by having something in their body they cannot take out, which is different to closing a bank account with a company you've lost faith in because of, say, a hike in cardholder fees.

8. K. Michael, C. Perakslis, M.G. Michael, "Microchip implants for employees in the workplace: Findings from a multi-country survey of small business owners" in Surveillance and/in Everyday Life: Monitoring Pasts Presents and Futures, University of Sydney, 2011.

That is what we discuss at futurist conferences but it is really difficult to say because so much of the technology we have consists in spin-offs, usually from the military/ industrial complex. A lot of the technology has been and is being developed in secret. We have good ideas of what some of it is, but by no means all of it. I think in 30 years time though, we will have got used to almost continuous surveillance, even on public thoroughfares, and that to me is really one of the most ominous aspects of the element of technology. We will accept it because of fear, and fear is the strongest conditioner. In many cases, technology is developing in relationship to a war on terrorism, both real and imagined, and this conditions us to accept the surveillance of people in all circumstances. I think probably we will have a lot less personal freedom and there will be technologies that will help to distract us from having these personal freedoms. I think part of the technology that is developing is intended to distract us away from thinking and toward becoming less aware of what is going on in our governments and in our military. Social media has been used in popular protests to considerable effect, but it can be swamped and used for disinformation just as easily.

So what do I see? I see little tiny cameras in everyday objects, we’ve already been speaking about the Internet of Things—the web of things and people—and these individual objects will come alive once they have a place via IP on the Internet. So you will be able to speak to your fridge; know when there is energy being used in your home; your TV will automatically shut off when you leave the room. So all of these appliances will not only be talking with you, but also with the suppliers, the organisations that you bought these devices from. So you won’t have to worry about warranty cards; the physical lifetime of your device will alert you to the fact that you’ve had this washing machine for two years, it requires service. So our everyday objects will become smart and alive, and we will be interacting with them. So it’s no longer people-to-people communications or people-to-machine, but actually the juxtaposition of this where machines start to talk to people.

In 1971, I was working in the (then) computer industry, and undertaking a 'social issues' unit towards my degree. A couple of chemical engineering students made wild claims about the harm that computers would do to society. After spending time debunking most of what they said, I was left with a couple of points that they'd made about the impact of computers on privacy that were both realistic and serious. I've been involved throughout the four decades since then, as consultant, as researcher and as advocate.

Katina Michael: Dan, let’s start at the end of your story which was the beginning of your reformation. What happened the day you got caught for credit card fraud?

Dan DeFilippi: It was December 2004 in Rochester, New York. I was sitting in my windowless office getting work done, and all of a sudden the door burst open, and this rush of people came flying in. “Get down under your desks. Show your hands. Hands where I can see them.” And before I could tell what was going on, my hands were cuffed behind my back and it was over. That was the end of that chapter of my life.

Katina Michael: Can you tell us what cybercrimes you committed and for how long?

Dan DeFilippi: I had been running credit card fraud, identity theft, document forgery pretty much as my fulltime job for about three years, and before that I had been a hacker.

Katina Michael: Why fraud? What led you into that life?

Dan DeFilippi: Everybody has failures. Not everybody makes great decisions in life. So why fraud? What led me to this? I mean, I had great parents, a great upbringing, a great family life. I did okay in school, and you know, not to stroke my ego too much, but I know I am intelligent and I could succeed at whatever I chose to do. But when I was growing up, one of the things that I’m really thankful for is my parents taught me to think for myself. They didn’t just focus on remembering knowledge. They taught me to learn, to think, to understand. And this is really what the hacker mentality is all about. And when I say hacker, I mean it in the traditional sense. I don’t mean it as somebody in there stealing from your company. I mean it as somebody out there seeking knowledge, testing the edges, testing the boundaries, pushing the limits, and seeing how things work. So growing up, I disassembled little broken electron­ics and things like that, and as time went on this slowly progressed into, you know, a so-called hacker.

Katina Michael: Do you remember when you actually earned your first dollar by conducting cybercrime?

Dan DeFilippi: My first experience with money in this field was towards the end of my high school. And I realized that my electronics skills could be put to use to do something beyond work. I got involved with a small group of hackers that were trying to cheat advertising systems out of money, and I didn’t even make that much. I made a couple of hundred dollars over, like, a year or something. It was pretty much insignificant. But it was that experience, that first step, that kind of showed me that there was something else out there. And at that time I knew theft and fraud was wrong. I mean, I thought it was stealing. I knew it was stealing. But it spiraled downwards after that point.

Katina Michael: Can you elaborate on how your thinking developed towards earn­ing money through cybercrime?

Dan DeFilippi: I started out with these little things and they slowly, slowly built up and built up and built up, and it was this easy money. So this initial taste of being able to make small amounts, and eventually large amounts of money with almost no work, and doing things that I really enjoyed doing was what did it for me. So from there, I went to college and I didn’t get involved with credit card fraud right away. What I did was, I tried to find a market. And I’ve always been an entrepreneur and very business-minded, and I was at school and I said, “What do people here need? ... I need money, I don’t really want to work for somebody else, I don’t like that.” I realized people needed fake IDs. So I started selling fake IDs to college students. And that again was a taste of easy money. It was work but it wasn’t hard work. And from there, there’s a cross-over here between forged documents and fraud. So that cross-over is what drew me in. I saw these other people doing credit card fraud and mak­ing money. I mean, we’re talking about serious money. We’re talking about thousands of dollars a day with only a few hours of work and up.

Katina Michael: You strike me as someone who is very ethical. I almost cannot imagine you committing fraud. I’m trying to understand what went wrong?

Dan DeFilippi: And where were my ethics and morals? Well, the problem is when you do something like this, you need to rationalize it, okay? You can’t worry about it. You have to rationalize it to yourself. So everybody out there commit­ting fraud rationalizes what they’re doing. They justify it. And that’s just how our brains work. Okay? And this is something that comes up a lot on these online fraud forums where people discuss this stuff openly. And the question is posed: “Well, why do you do this? What motivates you? Why, why is this fine with you? Why are you not, you know, opposed to this?” And often, and the biggest thing I see, is like, you know, the Robin Hood scenario- “I’m just stealing from a faceless corporation. It’s victimless.” Of course, all of us know that’s just not true. It impacts the consumers. But everybody comes up with their own reason. Everybody comes up with an explanation for why they’re doing it, and how it’s okay with them, and how they can actually get away with doing it.

Katina Michael: But how does a sensitive young man like you just not realize the impact they were having on others during the time of committing the crimes?

Dan DeFilippi: I’ve never really talked about that too much before... Look the aver­age person when they know they’ve acted against their morals feels they have done wrong; it’s an emotional connection with their failure and emotionally it feels negative. You feel that you did something wrong no one has to tell you the crime type, you just know it is bad. Well, when you start doing these kinds of crimes, you lose that discerning voice in your head. I was completely dis­connected from my emotions when it came to these types of fraud. I knew that they were ethically wrong, morally wrong, and you know, I have no interest in committing them ever again, but I did not have that visceral reaction to this type of crime. I did not have that guilty feeling of actually stealing something. I would just rationalize it.

Katina Michael: Ok. Could I ask you whether the process of rationalization has much to do with making money? And perhaps, how much money did you actu­ally make in conducting these crimes?

Dan DeFilippi: This is a pretty common question and honestly I don’t have an answer. I can tell you how much I owe the government and that’s ... well, I suppose I owe Discover Card ... I owed $209,000 to Discover Card Credit Card Company in the US. Beyond that, I mean, I didn’t keep track. One of the things I did was, and this is kind of why I got away with it for so long, is I didn’t go crazy. I wasn’t out there every day buying ten laptops. I could have but chose not to. I could’ve worked myself to the bone and made millions of dollars, but I knew if I did that the risk would be significantly higher. So I took it easy. I was going out and doing this stuff one or two days a week, and just living comfortably but not really in major luxury. So honestly, I don’t have a real figure for that. I can just tell you what the government said.

Katina Michael: There is a perception among the community that credit card fraud is sort of a non-violent crime because the “actor” being defrauded is not a person but an organization. Is this why so many people lie to the tax office, for instance?

Dan DeFilippi: Yeah, I do think that’s absolutely true. If we are honest about it, everyone has lied about something in their lifetime. And people... you’re right, you’re absolutely right, that people observe this, and they don’t see it in the big picture. They think of it on the individual level, like I said, and people see this as a faceless corporation, “Oh, they can afford it.” You know, “no big deal”. You know, “Whatever, they’re ripping off the little guy.” You know. People see it that way, and they explain it away much easier than, you know, somebody going off and punching someone in the face and then proceeding to steal their wallet. Even if the dollar figure of the financial fraud is much higher, people are generally less concerned. And I think that’s a real problem because it might entice some people into committing these crimes because they are considered “soft”. And if you’re willing to do small things, it’s going to, as in my case, eventually spiral you downwards. I started with very small fraud, and then got larger. Not that everybody would do that. Not that the police officer taking the burger for free from Burger King is going to step up to, you know, to extortion or something, but certainly it could, could definitely snowball and lead to something.

Katina Michael: It has been about 6 years since you were arrested. Has much has changed in the banking sector regarding triggers or detection of cybercriminal acts?

Dan DeFilippi: Yeah. What credit card companies are doing now is pattern match­ing and using software to find and root out these kind of things. I think that’s really key. You know, they recognize patterns of fraud and they flag it and they bring it out. I think using technology to your advantage to identify these patterns of fraud and investigate, report and root them out is probably, you know, one of the best techniques for dollar returns.

Katina Michael: How long were you actually working for the US Secret Service, as a matter of interest? Was it the length of your alleged, or so-called prison term, or how did that work?

Dan DeFilippi: No. So I was arrested early December 2004. I started working with the Secret Service in April 2005, so about six months later. And I worked with them fulltime almost for two years. I cut back on the hours a little bit towards the end, because I went back to university. But it was, it was almost exactly two years, and most of it was fulltime.

Katina Michael: I’ve heard that the US is tougher on cybercrime relative to other crimes. Is this true?

Dan DeFilippi: The punishment for credit card fraud is eight-and-a-half years in the US.

Katina Michael: Do these sentences reduce the likelihood that someone might get caught up in this kind of fraud?

Dan DeFilippi: It’s a contested topic that’s been hotly debated for a long time. And also in ethics, you know, it’s certainly an interesting topic as well. But I think it depends on the type of person. I wasn’t a hardened criminal, I wasn’t the fella down on the street, I was just a kid playing around at first that just got more serious and serious as time went on. You know, I had a great upbring­ing, I had good morals. And I think to that type of person, it does have an impact. I think that somebody who has a bright future, or could have a bright future, and could throw it all away for a couple of hundred thousand dollars, or whatever, they recognize that, I think. At least the more intelligent people recognize it in that ... you know, “This is going to ruin my life or potentially ruin a large portion of my life.” So, I think it’s obviously not the only deterrent but it can certainly be useful.

Katina Michael: You note that you worked alone. Was this always the case? Did you recruit people to assist you with the fraud and where did you go to find these people?

Dan DeFilippi: Okay. So I mainly worked alone but I did also work with other people, like I said. I was very careful to protect myself. I knew that if I had partners that I worked with regularly it was high risk. So what I did was on these discussion forums, I often chatted with people beyond just doing the credit card fraud, I did other things as well. I sold fake IDs online. I sold the printed cards online. And because I was doing this, I networked with people, and there were a few cases where I worked with other people. For example, I met somebody online. Could have been law enforcement, I don’t know. I would print them a card, send it to them, they would buy something in the store, they would mail back the item, the thing they bought, and then I would sell them online and we would split the money 50/50.

Katina Michael: Was this the manner you engaged others? An equal split?

Dan DeFilippi: Yes, actually, exactly the same deal for instance, with the person I was working with in person, and that person I met through my fake IDs. When I had been selling the fake IDs, I had a network of people that resold for me at the schools. He was one of the people that had been doing that. And then when he found out that I was going to stop selling IDs, I sort of sold him my equipment and he kind of took over. And then he realized I must have something else going on, because why would I stop doing it, it must be pretty lucrative. So when he knew that, you know, he kept pushing me. “What are you doing? Hey, I want to get involved.” And this and that. So it was that person that I happened to meet in person that in the end was my downfall, so to speak.

Katina Michael: Did anyone, say a close family or friend, know what you were doing?

Dan DeFilippi: Absolutely not. No. And I, I made it a point to not let anyone know what I was doing. I almost made it a game, because I just didn’t tell anybody anything. Well, my family I told I had a job, you know, they didn’t know... but all my friends, I just told them nothing. They would always ask me, you know, “Where do you get your money? Where do you get all this stuff?” and I would just say, “Well, you know, doing stuff.” So it was a mystery. And I kind of enjoyed having this mysterious aura about me. You know. What does this guy do? And nobody ever thought it would be anything illegitimate. Everybody thought I was doing something, you know, my own webs ites, or maybe thought I was doing something like pornography or something. I don’t know. But yeah, I definitely did not tell anybody else. I didn’t want anybody to know.

Katina Michael: What was the most outrageous thing you bought with the money you earned from stolen credit cards?

Dan DeFilippi: More than the money, the outrageous things that I did with the cards is probably the matter. In my case the main motivation was not the money alone, the money was almost valueless to a degree. Anything that anyone could buy with a card in a store, I could get for free. So, this is a mind-set change a fraudster goes through that I didn’t really highlight yet. But money had very little value to me, directly, just because there was so much I could just go out and get for free. So I would just buy stupid random things with these stolen cards. You know, for example, the case where I actually ended up leading to my arrest, we had gone out and we had purchased a laptop before that one that failed, and we bought pizza. You know? So you know, a $10 charge on a stolen credit card for pizza, risking arrest, you know, for, for a pizza. And I would buy stupid stuff like that all the time. And just because I knew it, I had that experience, I could just get away with it mostly.

Katina Michael: And on that line of thinking, had you ever met one of your victims? And I don’t mean the credit card company. I actually mean the individual whose credit card you defrauded?

Dan DeFilippi: So I haven’t personally met anyone but I have read statements. So as part of sentencing, the prosecutor solicited statements from victims. And the mind-set is always, “Big faceless corporation, you know, you just call your bank and they just, you know, reverse the charges and no big deal. It takes a little bit of time, but you know, whatever.” And the prosecutor ended up get­ting three or four statements from individuals who actually were impacted by this, and honestly, you know, I felt very upset after reading them. And I do, I still go back and I read them every once in a while. I get this great sinking feeling, that these people were affected by it. So I haven’t actually personally met anyone but just those statements.

Katina Michael: How much of hacking do you think is acting? To me traditional hacking is someone sort of hacking into a website and perhaps downloading some data. However, in your case, there was a physical presence, you walked into the store and confronted real people. It wasn’t all card-not-present fraud where you could be completely anonymous in appearance.

Dan DeFilippi: It was absolutely acting. You know, I haven’t gone into great detail in this interview, but I did hack credit card information and stuff, that’s where I got some of my info. And I did online fraud too. I mean, I would order stuff off websites and things like that. But yeah, the being in the store and playing that role, it was totally acting. It was, like I mentioned, you are playing the part of a normal person. And that normal person can be anybody. You know. You could be a high-roller, or you could just be some college student going to buy a laptop. So it was pure acting. And I like to think that I got reasonably good at it. And I would come up with scenarios. You know, ahead of time. I would think of scenarios. And answers to situations. I came up with techniques that I thought worked pretty well to talk my way out of bad situations. For example, if I was going to go up and purchase something, I might say to the cashier, before they swiped the card, I’d say, “Oh, that came to a lot more than I thought it would be. I hope my card works.” So that way, if something happened where the card was declined or it came up call for authorization, I could say, “Oh yeah, I must not have gotten my payment” or something like that. So, yeah, it was definitely acting.

Katina Michael: You’ve mentioned this idea of downward spiraling. Could you elaborate?

Dan DeFilippi: I think this is partially something that happens and it happens if you’re in this and do this too much. So catching people early on, before this takes effect is important. Now, when you’re trying to catch people involved in this, you have to really think about these kinds of things. Like, why are they doing this? Why are they motivated? And the thought process, like I was saying, is definitely very different. In my case, because I had this hacker background, and I wasn’t, you know, like some street thug who just found a computer. I did it for more than just the money. I mean, it was certainly because of the chal­lenge. It was because I was doing things I knew other people weren’t doing. I was kind of this rogue figure, this rebel. And I was learning at the edge. And especially, if I could learn something, or discover something, some technique, that I thought nobody else was using or very few people were using it, to me that was a rush. I mean, it’s almost like a drug. Except with a drug, with an addict, you’re chasing that “first high” but can’t get back to it, and with credit card fraud, your “high” is always going up. The more money you make, the better it feels. The more challenges you complete, the better you feel.

Katina Michael: You make it sound so easy. That anyone could get into cybercrime. What makes it so easy?

Dan DeFilippi: So really, you’ve got to fill the holes in the systems so they can’t be exploited. What happens is crackers, i.e. criminal hackers, and fraudsters, look for easy access. If there are ten companies that they can target, and your company has weak security, and the other nine have strong security, they’re going after you. Okay? Also, in the reverse. So if your company has strong security and nine others have weak security, well, they’re going to have a field-day with the others and they’re just going to walk past you. You know, they’re just going to skip you and move on to the next target. So you need to patch the holes in your technology and in your organization. I don’t know if you’ve noticed recently, but there’s been all kinds of hacking in the news. The PlayStation network was hacked and a lot of US targets. These are basic things that would have been discovered had they had proper controls in place, or proper security auditing happening.

Katina Michael: Okay, so there is the systems focus of weaknesses. But what about human factor issues?

Dan DeFilippi: So another step to the personnel is training. Training really is key. And I’m going to give you two stories, very similar but with totally different outcomes, that happened to me. So a little bit more about what I used to do frequently. I would mainly print fake credit cards, put stolen data on those cards and use them in store to go and purchase items. Electronics, and things like that, to go and re-sell them. So ... and in these two stories, I was at a big- box well-known electronics retailer, with a card with a matching fake ID. I also made the driver’s licenses to go along with the credit cards. And I was at this first location to purchase a laptop. So pick up your laptop and then go through the standard process. And when committing this type of crime you have to have a certain mindset. So you have to think, “I am not committing a crime. I am not stealing here. I am just a normal consumer purchasing things. So I am just buying a laptop, just like any other person would go into the store and buy a laptop.” So in this first story, I’m in the store, purchasing a laptop. Picked it out, you know, went through the standard process, they went and swiped my card. And it came up with a ‘CFA’ – call for authorization. Now, a call for authorization is a case where it’s flagged on the computer and you actually have to call in and talk to an operator that will then verify additional information to make sure it’s not fraud. If you’re trying to commit fraud, it’s a bad thing. You can’t verify this, right? Right? So this is a case where it’s very possible that you could get caught, so you try to talk your way out of the situation. You try to walk away, you try to get out of it. Well, in this case, I was unable to escape. I was unable to talk my way out of it, and they did the call for authorization. They called in. We had to go up to the front of the store, there was a customer service desk, and they had somebody up there call it in and discuss this with them. And I didn’t overhear what they were saying. I had to stand to the side. About five or ten minutes later, I don’t know, I pretty much lost track of time at that point, they come back to me and they said, “I’m sorry, we can’t complete this transaction because your information doesn’t match the information on the credit card account.” That should have raised red flags. That should have meant the worse alarm bells possible.

Katina Michael: Indeed.

Dan DeFilippi: There should have been security coming up to me immediately. They should have notified higher people in the organization to look into the matter. But rather than doing that, they just came up to me, handed me back my cards and apologized. Poor training. So just like a normal consumer, I act surprised and alarmed and amused. You know, and I kind of talked my way out of this too, “You know, what are you talking about? I have my ID and here’s my card. Obviously this is the real information.” Whatever. They just let me walk out of the store. And I got out of there as quickly as possible. And you know, basically walked away and drove away. Poor training. Had that person had the proper training to understand what was going on and what the situation was, I probably would have been arrested that day. At the very least, there would have been a foot-chase.

Katina Michael: Unbelievable. That was very poor on the side of the cashier. And the other story you were going to share?

Dan DeFilippi: The second story was the opposite experience. The personnel had proper training. Same situation. Different store. Same big-box electronic store at a different place. Go in. And this time I was actually with somebody else, who was working with me at the time. We go in together. I was posing as his friend and he was just purchasing a computer. And this time we, we didn’t really approach it like we normally did. We kind of rushed because we’d been out for a while and we just wanted to leave, so we kind of rushed it faster than a normal person would purchase a computer. Which was unusual, but not a big deal. The person handling the transaction tried to upsell, upsell some things, warranties, accessories, software, and all that stuff, and we just, “No, no, no, we don’t ... we just want to, you know, kind of rush it through.” Which is kind of weird, but okay, it happens.

Katina Michael: I’m sure this would have raised even a little suspicion however.

Dan DeFilippi: So when he went to process the transaction, he asked for the ID with the credit card, which happens at times. But at this point the person I was with started getting a little nervous. He wasn’t as used to it as I was. My biggest thing was I never panicked, no matter what the situation. I always tried to not show nervousness. And so he’s getting nervous. The guy’s checking his ID, swipes the card, okay, finally going to go through this, and call for authorization. Same situation. Except for this time, you have somebody here who’s trying todo the transaction and he is really, really getting nervous. He’s shifting back and forth. He’s in a cold sweat. He’s fidgeting. Something’s clearly wrong with this transaction. Now, the person who was handling this transaction, the person who was trying to take the card payment and everything, it happened to be the manager of this department store. He happened to be well-trained. He happened to know and realize that something was very wrong here. Somethingwas not right with this transaction. So the call for authorization came up. Now, again, he had to go to the front of the store. He, he never let that credit card and fake ID out of his hands. He held on to them tight the whole time. There was no way we could have gotten them back. So he goes up to the front and he says, “All right, well, we’re going to do this.” And we said, “Okay, well, we’ll go and look at the stock while you’re doing it.” You know. I just sort of tried to play off, and as soon as he walked away, I said, “We need to get out of here.” And we left; leaving behind the ID and card. Some may not realize it as I am retelling the story, but this is what ended up leading to my arrest. They ran his photo off his ID on the local news network, somebody recognized him, turned him in, and he turned me in. So this was an obvious case of good, proper training. This guy knew how to handle the situation, and he not only prevented that fraud from happening, he prevented that laptop from leaving the store. But he also helped to catch me, and somebody else, and shot down what I was doing. So clearly, you know, failing to train people leads to failure. Okay? You need to have proper training. And you need to be able to handle the situation.

Katina Michael: What did you learn from your time at the Secret Service?

Dan DeFilippi: So a little bit more in-depth on what I observed of cybercriminals when I was working with the Secret Service. Now, this is going to be a little aside here, but it’s relevant. So people are arrogant. You have to be arrogant to commit a crime, at some level. You have to think you can get away with it. You’re not going to do it if you can’t, you know, if you think you’re going to get caught. So there’s arrogance there. And this same arrogance can be used against them. Up until the point where I got caught in the story I just told you that led to my arrest, I was arrogant. I actually wasn’t protecting myself as well as I had been, should have been. Had I been investigated closer, had law enforcement being monitoring me, they could have caught me a lot earlier. I left traces back to my office. I wasn’t very careful with protecting my office, and they could have come back and found me. So you can play off arrogance but also ignorance, obviously. They go hand-in-hand. So the more arrogant somebody is, the more risk they’re willing to take. One of the things we found frequently works to catch people was email. Most people don’t realize that email actually contains the IP address of your computer. This is the identifier on the Internet to distinguish who you are. Even a lot of criminals who are very intelligent, who are involved in this stuff, do not realize that email shows this. And it’s very easy. You just look at the source of the email and boom, there you go. You’ve got somebody’s location. This was used countless times, over and over, to catch people. Now, obviously the real big fish, the people who are really intelligent and really in this, take steps to protect themselves with that, but then those are the people who are supremely arrogant.

Katina Michael: Can you give us a specific example?

Dan DeFilippi: One case that happened a few years ago, let’s call the individual “Ted”. He actually ran a number of these online forums. These are “carding” forums, online discussion boards, where people commit these crimes. And he was extremely arrogant. He was extremely, let’s say, egotistical as well. He was very good at what he did. He was a good cracker, though he got caught multiple times. So he actually ran one of these sites, and it was a large site, and in the process, he even hacked law enforcement computers and found out information about some of these other operations that were going on. Actu­ally outed some, some informants, but the people didn’t believe him. A lot of people didn’t believe him. And his arrogance is really what led to his downfall. Because he was so arrogant he thought that he could get away with everything. He thought that he was protecting himself. And the fact of the matter was, law enforcement knew who he was almost the whole time. They tracked him back using basic techniques just like using email. Actually email was used as part of the evidence, but they actually found him before that. And it was his arrogance that really led to his getting arrested again, because he just didn’t protect himself well enough. And this really I cannot emphasize it enough, but this can really be used against people.

Katina Michael: Do you think that cybercrimes will increase in size and number and impact?

Dan DeFilippi: Financial crime is going up and up. And everybody knows this. The reality is that technology works for criminals as much as it works for businesses. Large organizations just can’t evolve fast enough. They’re slow in comparison to cybercriminals.

Katina Michael: How so?

Dan DeFilippi: A criminal’s going to use any tools they can to commit their crimes. They’re going to stay on top of their game. They’re going to be at the forefront of technology. They’re going to be the ones out there pioneering new tech­niques, finding the holes before anybody else, in new systems to get access to your data. They’re going to be the ones out there, and combining that with the availability of information. When I started hacking back in the ‘90s, it was not easy to learn. You really pretty much had to go into these chat-rooms and become kind of like an apprentice. You had to have people teach you.

Katina Michael: And today?

Dan DeFilippi: Well after the 2000s, when I started doing the identification stuff, there was easier access to data. There were more discussion boards, places where you could learn about these things, and then today it’s super easy to find any of this information. Myself, I actually wrote some tutorials on how to conduct credit card fraud. I wrote, like, a guide to in-store carding. I included how to go about it, what equipment to use, what to purchase, and it’s all out there in the public domain. You don’t even have to understand any of this. You know, you could know nothing about technology, spend a few hours online searching for this stuff, learn how to do it, and order the stuff overnight and the next day you could be out there going and doing this stuff. That’s how easy it is. And that’s why it’s really going up, in my opinion.

Katina Michael: Do you think credit card fraudsters realize the negative conse­quences of their actions?

Dan DeFilippi: People don’t realize that there is a real negative consequence to this nowadays. I’m not sure what the laws are in Australia about identity theft and credit card fraud, but in the United States, it used to be very, very easy to get away with. If you were caught, it would be a slap on the wrist. You would get almost nothing happening to you. It was more like give the money back, and possibly serve jail time if it was a repeat offence, but really that was no deterrent. Then it exploded post dot com crash, then a few years ago, we passed a new law that it’s a mandatory two years in prison if you commit identity theft. And credit card fraud is considered identity theft in the United States. So you’re guaranteed of some time in jail if caught.

Katina Michael: Do you think people are aware of the penalties?

Dan DeFilippi: People don’t realize it. And they think, “Oh, it’s nothing, you know, a slap on the wrist.” There is a need for more awareness, and campaigning on this matter. People need to be aware of the consequences of their actions. Had I realized how much time I could serve for this kind of crime, I probably would have stopped sooner. Long story short, because I worked with the Se­cret Service and trained them for a few years, I managed to keep myself out of prison. Had I not done that, I would have actually been facing eight-and-a-half years. That’s serious, especially for somebody who’s in their early 20s. And really had that happened, my future would have been ruined, I think. I probably would have become a lifelong criminal because prisons are basically teaching institutions for crime. So really I, had I known, had I realized it, I wouldn’t have done it. And I think especially younger people, if they realize that the major consequences to these actions, that they can be caught nowadays, that there are people out there looking to catch them, that really would help cut back on this. Also catching people earlier of course is more ideal. Had I been caught early on, before my mind-set had changed and the emotional ties had been broken, I think I would have definitely stopped before it got this far. It would have made a much bigger impact on me. And that’s it.

Good afternoon everyone. My name is William Herbert, and for identification purposes only I am the Deputy Chair of the New York State Public Employment Relations Board. You may be wondering why am I here. In fact, my scholarship has been involved with issues involving RFID, GPS and other forms of technology, as a legal perspective. I was asked to moderate, I think partially, this panel because of my background in labour relations, in which we have conflicting views frequently in labour, and my agency’s role is frequently brought in to try to bring some kind of bridges between varying positions on issues, at least in the workplace. We have over the past two days been very fortunate to hear very diverse viewpoints on the issue of RFID. And I thought it was appropriate that we try to bring those diverging voices together in seeking to bring some degree of bridging of these different ideas to try to aim towards bringing some degree of harmony about a perspective, or at least the first steps towards that perspective. As Roger Clarke mentioned earlier in his talk, there is a need for this kind of dialogue and I think this panel will be a very good first step or second step in that process.

So the question I'm going to be asking for the panellists today is: can societies develop a balanced response to radio-frequency identification (RFID)? And when I use the word RFID, I'm discussing both the technology, not limited to implants, but just the technology itself. So with that question, I'm going to first ask Roger to discuss whether societies can develop a balanced response to RFID technology.

Public reaction – angry. I get a lot of angry emails, calls, and things like that. There are some people that wish I’d just go away, and there are others claiming that I am somehow helping “the conspiracy”. This is just kind of a little thing that I thought up, about the cycle of fear that I’ve noticed when talking to people. So when people come to me and they’re angry about things, I try to engage them in conversation but usually they’re afraid of misconceptions about the technology. They think that somehow the GPS satellites are communicating with this tag – which really only has a three-inch read range – and somehow reporting my location, “Can’t they track you?” … the elusive “they”.

So you know, they’re afraid of something they’re not sure of and they take action because they’re afraid. Then people that know about it respond, usually poorly. This interaction reveals to the angry people that they really don’t know what it is they’re talking about. And what’s interesting is that they have a new fear then, and that fear causes them not to want to learn about the technology. They don’t want to engage, because they somehow feel that if they learn about it, maybe their fears are unfounded or whatever. But it’s a cycle that repeats quite often. So the concept is that, you know, somehow now your body is up for sale, and companies and governments are vying for it.

Katina Michael interviewed Mr Peter Mahy of Howells LLP who represented S and Marper at the European Court of Human Rights

Abstract: Mr Peter Mahy, Partner at Howells LLP and the lawyer who represented S & Marper in front of the Grand Chamber at the European Court of Human Rights was interviewed by Katina Michael on the 10th of October 2009 while she was studying towards a Masters of Transnational Crime Prevention in the Faculty of Law at the University of Wollongong. In 2010 Peter Mahy received the Legal Aid Lawyer of the Year award for his contribution to the field. Mahy received his honours law degree from Sheffield University and a Masters in Criminology from the University of Cambridge. He did his Legal Practice Course at the University of Northumbria, Newcastle and joined Howells in 1996, qualifying in 1998.

Katina Michael: Peter, thank you for the opportunity to conduct this interview with you. I will begin by asking you to distinguish between the collection and storage of DNA samples as opposed to DNA profiles? Or do you see both collection types are ‘equal’ in value?

Peter Mahy: I do distinguish between DNA sampling and DNA profiling. And in fact, the UK government is now also distinguishing between DNA samples and profiling, stating in their consultation paper, Keeping the right people on the DNA database, that samples will be destroyed. I think there is a particular distinction in that there is a fear with how samples may be used in the future, and how they might be analysed into the future. However to me personally, I think the collection and storage of DNA profiles as opposed to DNA samples is marginal and that both are of a huge concern.

Katina Michael: So the UK government has now publicly stated that they will destroy all samples on their national database?

Peter Mahy: Yes. So what they are saying now is that the DNA sample will be destroyed once it has been uploaded to a profile.

Katina Michael: Could you make a general comment about the British Police and Criminal Evidence (PACE) Act 1984 and how it has changed since its introduction?

Peter Mahy: So prior to 2001, the UK took the position that if you had your DNA taken on charge then it could be kept but if you were acquitted or the charge was not continued then it had to be destroyed. That was changed in 2001, so that DNA could be retained even after acquittal or if charges were dropped. And then the law again changed so that a DNA sample could be taken just on arrest, not charge. So the PACE in terms of the collection of DNA was significantly watered down.

Katina Michael: Is it true that PACE has been watered down so much that it has been applied to the collection of DNA samples for what society generally considers petty misdeeds? Was DNA collected first for violent crimes alone, and then later due to changes in PACE for minor misdemeanors?

Peter Mahy: So what has happened now, is about police powers with respect to recordable offences. And so every 6-12 months, the notion of what constitutes a recordable offence is redefined, and each time it gets redefined more offences are introduced into PACE, including more lower level crimes. So there has been a widening of the definition on what constitutes a recordable offence, to include more minor offences.

Katina Michael: Some analysts, early on (e.g. Ireland 1989) have argued that PACE did a good job of balancing the right of an accused person against the need for police to have adequate powers for law enforcement. Do you agree? Peter Mahy: I think the problem in the UK is that you see an increasing amount of criminal legislation. There has been 3000 changes to acts of parliament related to criminal legislation since the Labour government has been in, so there has been a creep to the erosion of civil liberties, a hemming in if you like, and so it seems to be a constant battle to keep the rights that were enshrined in PACE and the Human Rights Act.

Katina Michael: Do you see then, that the increase in police authority and powers represents a commensurate loss in the individual rights of UK citizens? Peter Mahy: So I think there is sort of a constant creep against civil liberties, and a constant battle to preserve them. And it is not clear cut. The UK enacted the Human Rights Act which was a massive step forward but that is under threat at the moment. There is a conservative party here that is saying they are going to take away the Human Rights Act. This could be seen a battle between the left and right all the time, trying to keep the rights that have been hard fought for. Katina Michael: As a solicitor representing persons in cases to do with civil liberties, how do you feel about the collection of DNA samples for crimes such as: petty misdeeds such as begging, or being under the influence of alcohol, and acting in a disorderly fashion?

Peter Mahy: I think an interesting issue in this whole case and this whole debate is that no one has really grappled with why DNA has been taken from a person at all. If a person is presumed innocent, I mean, why should you take their DNA on arrest or on charge? That lead into the question really. Is it right to take the DNA of a person for very low level offences? I think that no one has really grappled with this, of when do you draw the line and when should it be taken?

Katina Michael: I agree. I am actually interested in this very question. And perhaps more specifically I am interested in why more citizens do not speak up about the collection and long term storage of their DNA samples and profiles. Is it that citizens feel powerless? Or that they do not know how to fully participate in such a process of questioning?

Peter Mahy: I think that what has been absolutely amazing in this case is that when this case started out it was pretty much just me challenging the law. There was so little interest in the divisional courts, little interest in the Court of Appeal. Even at the House of Lords, the media was not really interested, not at all, so there was really no profile. When we got called from the European Court of Human Rights things began to get a little bit more exciting. And then there was the Nuffield report that was big publicity. And after the European Court there seems to be something on DNA in the press every day, and I think now it has a high profile. When you listen to documentaries on television here, or question time which is very popular, there is just about something on this every week because this really is a big issue now and it has come as a result of the stand that we took. And it seems that this is a major issue. In terms of people challenging government and taking it forward- I understand that Chief Constables are virtually inundated with daily requests at the moment and citizens voicing and demanding their rights.

Katina Michael: That is great to hear. And I do hope it sets an example for others to follow, causing a ripple effect through the Europe, and the rest of the world. Does the UK government actually have about 9% of all UK citizen DNA samples?

Peter Mahy: Yes it does. The figures that we have over here are that there are just over 5 million samples on the DNA database with about a 60 million population in the UK, so it is roughly between 8%-9%. I mean it is a particular problem here because these are the statistics that we have been given over the years by the Government, but they seem to change a lot and are quite unreliable, and that is one of the key problems. So I am rather skeptical about the UK figures that they are putting forward but it seems to be around the 5 million mark. Katina Michael: So when you compare the percentage of the UK population that has had their DNA sample stored (about 9%) on the national DNA database with other countries in the world (about 2%) do you believe that the collection is ‘grossly disproportionate’? Are we to believe that crime rates are so high in the UK, or there are other historical reasons to describe this kind of sampling?

Peter Mahy: I think the UK in the last few years has become fairly obsessed with crime and it has been a policy of the government to focus on this. And the government was particularly proud in this case to say that they were the vanguard of DNA and of the biggest database and therefore they would be able to conduct crime detection but without really thinking about the implications. So it was actually the Government who wanted to have the biggest database. I think the government also saw it as a cheap way of fighting crime, and cutting costs and trying to keep the public happy.

Katina Michael: And are the retention laws in the UK, post S & Marper bound to change?

Peter Mahy: This is quite a difficult question. The government has been doing as little as possible to comply with the judgment but the Council of Ministers is ensuring that they do comply with the judgment. So although to date, they have been doing as little as they can, in the end they are going to have to comply.

Katina Michael: Could you elaborate on the main issue the ECtHR case identified which was to do with the principle of “proportionality” and an individual’s right to respect for private life? Was this the key finding? What were some of the other findings from your viewpoint?

Peter Mahy: I think one of the important things to realise is that in the UK courts, we traveled from the Divisional Court, the Court of Appeal, and the House of Lords, and while in the UK it was stated that Article 8(1) the ‘right to private life’ was probably not even engaged. The feeling in the UK was very much that this was not a very important issue and why are you here for. And we had a fairly rough ride in the UK courts, some even commented that they could not see any basis for the case at all. In the ECtHR, they said clearly that article 8(1) was engaged and that was an important finding, from the UK point of view certainly that these rights have to be taken seriously. I think the other major finding was identification from the court that there was no independent system in the UK for review, and so you have to ask the Chief Constable to remove your DNA and simply that is not fair. That is something that the UK Government has tried to whitewash a bit, saying that well, we are going to keep that, and the Council of Ministers are saying well that is not good enough. So the finding that you should have the opportunity to have somebody else make the decision was important. But the main findings from the European Court were what is called the Article 8(2) right, which is the proportionality argument. They said that they were struck that in the UK there was a blanket policy so that everybody’s DNA was retained until they were 100 or until they died, no matter who they are or what offence they committed. And they found that the UK had overstepped what is called the margin of appreciation, that is the right for each country to determine its own laws and try to strike a fair balance. So all in all, they found that not only was Article 8 (1) engaged but that Article 8(2) on proportionality where states have a lot of lee­way that the UK had just gone too far and were adopting a blanket one-for-all policy.

Katina Michael: How do you think the United Kingdom have reacted to the ECtHR ruling? And have they reacted enough and at the required speed?

Peter Mahy: What happened in December 2008 the Home Secretary, who has of course now been chucked out, said there was going to be a white paper and that the matter was going to be fully debated with common sense standards. Not soon after that, around about February 2009 time, the Government said they were going to make regulations and secondary legislation so the matter would not be debated. And that is now in jeopardy because the House of Lords Committee said that would be an unlawful. The Government then introduced the consultation paper, Keeping the right people on the DNA database, in May of this year, and importantly, based their statistics from the Jill Dando Institute. The Jill Dando Institute recently said that the statistics that the consultation is based on were not finished. So that puts the whole consultation up in the air. And most importantly the Council of Ministers debated this on the 15th and 16th of September this year, and looked at the UK proposals and they basically said that for most of them that if they were enacted, then they would be unlawful. So I think the UK is in a very difficult position because 10 months on they have not complied with the judgment. And that they have put proposals forward that are based on flawed statistics and which the Council of Ministers have said would probably be unlawful.

Katina Michael: And you have mentioned the citizen response has been to inundate the Chief Constables with requests to remove DNA samples. How have you felt about the consultative process as of May 2009?

Peter Mahy: Part of the problem with the consultation process from my point of view, is that for a public consultation the Government provided a very long and a very complex document. It is not the sort of document that most members of the public can easily read. It was not in an easy format. There was no sort of response leaflet that had five or six questions that you could answer and send in. There was none of that, no guidance of how to respond. I think for many members of the public that would have been difficult to respond to. We were told that there were however about 500 people that responded. And of course, it was only people who knew about the consultation and could access and understand the document and then just send their response to it.

Katina Michael: So S & Marper’s DNA samples were removed after the ECtHR ruling? And what about the samples of other innocents? Were they destroyed or are they still on the database?

Peter Mahy: Our clients’ samples were destroyed in December 2008, almost immediately after we requested destruction, after the ECtHR ruling. What has been happening in the UK is that the Government, the Home Office, have been telling forces to send a standard letter out to people who have requested destruction of their samples, saying that the law and policy in the UK has not changed and therefore they would have to wait for a change in the law or policy. And that is what the majority of the people get. And I guess for people who cannot afford to pay privately or eligible for legal aid, they think that that is it, and they do not know any different. We have had quite a lot of clients who have come to us about their situation and we have been challenging it and to date all of our clients DNA samples have been destroyed and taken off but I think the problem is that the majority of people are not fully aware of their rights and are accepting what is said. They do not know how to challenge the government in what they are saying.

Katina Michael: What is the next step in this process? What will it take for the UK Government to destroy the samples?

Peter Mahy: The Labour Government here is very reluctant and I think in truth that they are hoping that this issue is just going to go away before the general election which is scheduled for the next six months or so. I am skeptical that they are going to do anything before then but they have Europe on their back and the Conservative Government which is interestingly seen as more right wing has said that they will comply with the ECtHR judgment, and will destroy the DNA samples of all innocents as will the Liberal Democrat Party. So it all depends on who is in power. But I think either way eventually the UK is going to have to comply with the judgment and destroy DNA samples of innocents or at least have a fairly limited retention period as they do in Scotland.

Katina Michael: Do you wish to comment about reports in the media that Mr S has somehow found his way back onto the DNA ‘archive’? Authorities would have us believe that Mr S’s details should never have been removed from the National DNA Database (NDNA) in the first place, but is the real story more about the ‘ease’ with which one’s DNA sample can end up on the N DNA?

Peter Mahy: I think in a way it is the Government trying to make the most of it, but it is a false premise really, because the point is that Mr S was arrested again, and his DNA was put back on the NDNA. But they did not need his DNA to get there, i.e., it made no difference that his DNA was taken off in the first place. As I understand it, DNA was not involved in either of the cases at all. In fact, DNA was not a feature of either case, so it would not have made any difference at all.

Katina Michael: So your response is basically, what is the point of collecting and storing DNA when it cannot add any value to the actual case in question?

Peter Mahy: Yes, in the case of our client, what did it matter, DNA played no part at all.

Katina Michael: So why have the UK adopted such a stance? Are they attempting to make their statistical inferences more robust when DNA is being analysed in criminal proceedings?

Peter Mahy: Certainly the UK’s policy has always been that they have wanted the largest database possible. I think if it was not for the ECtHR ruling, they would have gone for a fully fledged national DNA database.

Katina Michael: So I gather from my reading that the motivation for such a national DNA database has to do with providing a greater probability and confidence level between the DNA evidence found at the scene of a crime and a match with the DNA sample of a suspect and to eliminate such problems linked to the need to conduct sub-group sampling?

Peter Mahy: Many of the commentators now- and this is where we are getting into more scientific discussion and more areas of argument- are saying that they consider four to five million samples to be the largest for an accurate DNA database. And that if your database size goes over five million that your chances of getting false hits and false readings increase. I was reading one article that was discussing how the chances of false hits is now increasing as a result of increasing records on the NDNA.

Katina Michael: What do you think the ‘Father of DNA’ thinks about all this?

Peter Mahy: Well in fact, Alec Jeffreys has gone on record over the last few years saying that the DNA samples of innocents should not be kept and should be destroyed.

Katina Michael: Could you make a comment about the collection of DNA samples from:

a)Children?

b)Persons under the age of 18?

c)Or of particular ethnic/racial/familial backgrounds and what impact this might have in a court of law?

Peter Mahy: This was something we relied on the UN Convention on the Rights of the Child and the European Court certainly saw that as a big issue, and that children are entitled to special consideration. And we also made the discrimination argument that there are so many more people of ethnic backgrounds than Caucasians as well. But in the end the ECtHR did not need to rule on that matter at all, as they ruled on the importance of a right to private life. Personally, I am not sure that there is a huge difference, and personally I think that the same rules should apply to everybody. If you are innocent, then it should not really matter what age you are, or what background you are from.

Katina Michael: So how is the Government proposing to change DNA retention laws by age and type of offence?

Peter Mahy: So there are proposals from the Government to that end. For a serious violent, sexual or terrorism-related offence, the DNA of a child would be retained for 12 years. For children between the ages of 10 and 18 years who are arrested but not convicted on one occasion, DNA is retained for 6 years then deleted on the 18th birthday, whichever happens first. And if a child is arrested on 2 occasions, their DNA is retained for the full 6 year term. So yes, a different regime for the retention of DNA for children.

Katina Michael: What would it take to raise the profile of the importance of removing DNA samples from public databases, especially in the European Union or Council of Europe states? Will it take more cases like S & Marper to front up to the ECtHR or various EU states to remove samples from databases? What strategy would you adopt?

Peter Mahy: I think we now have the judgment and it is now in the political debate and the Government will have to respond to the consultation submissions shortly. And after the ECtHR judgment the Government has been under constant pressure. There will be more test cases from people like me. I see the next test case could be somebody who tries to have their DNA destroyed only to be told by the Chief Constable that it cannot. At the moment the Chief Constable is relying on guidelines from 2006 which says the House of Lords ruling is the law. And I think that that is just crazy. The Government is not even taking into account the ECtHR judgment really. I think there would also be an interesting test case on whether it is lawful to take DNA on arrest given that there is no evidential threshold at that stage and I think there is going to be another test case on the issue of keeping DNA for ever and for minor crimes. I think there is going to be lots of test cases as well as the Council of Ministers driving the political debate, so altogether really.

Katina Michael: Could you make a comment on the collection and exchange of DNA data as a result of the Prüm Treaty? Do you see this as magnifying the problem of collecting DNA samples of innocents and those acquitted?

Peter Mahy: To be honest, we never got to the bottom of how this works in practice. For instance, if someone has there DNA sample taken in the UK and a DNA profile is exchanged between EU states and then a request for deletion is made and granted in the UK, who knows where your information has been saved? Has it been saved in different places all around the world? I am not sure even the Government has a handle on what they have been doing with this information. Katina Michael: Yes the loss of information is a critical issue for such sensitive databases.

Peter Mahy: I do not know if you heard but in the UK last year, there was a database of DNA profiles with known sex offenders sent from the Dutch police to the UK). Somehow the disc was misplaced and found over a year later. There has been a whole history here in the UK of data going missing, including prison inmate details, bank account details etc. The point is that mishandling of such information is possible. The matter seems to have gone quiet now but this seems to be a huge issue. It seems to me however that there are even more fundamental issues. Say for instance we are sharing DNA profiles with country X who is currently considered our ‘friend’ and then 10-20 years down the track they become our ‘enemy’. This then becomes a serious terrorist threat. These DNA samples and profiles can then be used against us and to cause huge threat against us.

Katina Michael: Given my background is in information technology, I do read so many articles on the losses of data such as disks left behind at train stations and airports, unencrypted data being intercepted, and the theft of laptops of very important persons. But I really had not gone to that next step to consider the way in which DNA profile data in particular, could be used to attack and to make the most of a potential terrorist act. That is fascinating-

Peter Mahy: Yes, it is pretty scary... You could just imagine that even on 5 million samples in the UK getting into the wrong hands and from those records you could determine which type of chemical or biological warfare could wipe out 90% of the UK population but would allow other states to be somewhat unaffected. There would be a significant danger.

Katina Michael: When government authorities quote statistics related to the number of cold cases solved using DNA evidence/samples, or the number of successful convictions based on the process of matching DNA profiles, are we really to believe them?

Peter Mahy: Well, again, the government statistics are extremely unreliable. I think an important thing to note is that from the Council of Ministers discussion a couple of weeks ago, the information they have actually been given from the Government themselves is that of the 850000 or so samples that are potentially from innocent people that 350000 are from people who have been convicted or acquitted. And from those 500000 samples that are left they do not know what happened to those individuals. So when you have a database with 10% of samples of which the Government has no idea of whether those people were convicted or innocent then I think that just shows how very statistically unreliable the data sources are.

Katina Michael: I would like you to comment on the use of force in obtaining intimate and non-intimate DNA samples without the suspect’s consent? What does ‘refusal without good cause’ actually mean in the United Kingdom with respect to PACE? Do you know of any cases where this has occurred and innocent person has not been incriminated? The exact phrase that is used in s. 62(10) is: “Where the consent by the detained person is refused without ‘good cause’, the court, and the court and jury, may draw inferences that may amount to corroboration of any evidence against the person in relation to the refusal s. 62(10).”

Peter Mahy: I can answer that in a slightly different way using an example of a case that I recently dealt with where I had a very well respected client in the community, who with his wife was arrested for stealing their own car. At the police station they were asked for their DNA sample and they refused and it was taken by force. We have been battling to get that DNA destroyed for 2 years or so, and only post Marper and only recently, in fact only in the last month or two, we finally got it destroyed. And to those people I think that the whole way it was approached by the police initially in taking the DNA sample by force from somebody who clearly had not committed an offense and who were not charged at the police station and were let go after that, simply to boost the number of people in the database, is horrific and unnecessary. And the battle for 2 years after, alienates people and I think that is why the Government has gone wrong on this issue because you should be policing by consent rather than by coercion. Those two clients before this ordeal were engaged helping the police and very appropriately will now be very reluctant to help the police and there are hundreds of thousands of other people who feel the same way.

Katina Michael: Perhaps it is a good time now to ask you about initiatives such as the Innocence Project in the United States (1992) and the Innocence Network in the United Kingdom (2004). Do you believe that increasingly DNA evidence is rightly being used as a critical component of many judicial proceedings? Or do you think it is being overused? That is, DNA evidence can be used to both inculpate and exculpate a suspect; that DNA evidence has the power to convict the guilty or exonerate the innocent in criminal litigation. Do you have any thoughts on this process?

Peter Mahy: Well, I can see that DNA is very useful in a criminal case and it may solve a crime or prove that somebody is innocent. In the UK now, DNA is routinely used in family cases related to issues of paternity. In fact, DNA is used routinely in immigration cases. But it seems to me though that the essential issue to grapple with is when DNA should be taken without consent because that is an interference of people’s rights, and so should it be taken on arrest or should it be taken when you are charged, or only voluntarily? And that is just the dividing line. I think there is a big mix up and a lot of false prophecy in the UK in how DNA should be used. The UK Government has always proclaimed the importance of DNA, but this question was also answered in the European case. Well that is not disputed. The question is, when you should take DNA from people who do not wish to give it?

Katina Michael: I have just finished reading Ron C. Michaelis, Robert G. Flanders and Paula H. Wulff, A Litigator’s Guide to DNA: from the Laboratory to the Courtroom (2008) who state on p. 99 that the “ideal DNA database would contain the profiles of every person in the country” [United States]. But they go on to claim that “[a] database such as this will obviously never be compiled, so forensic analysts must use the data that have been collected, from a tiny portion of the population, to estimate the frequency of an allele in the larger population.” Do you believe as Michaelis et al. do that the UK will never seek to implement a national DNA database? Is the idea as far-fetched as it might seemingly initially appear?

Peter Mahy: I think if we had not won the S & Marper case that this would have happened in the UK. There was mention in the UK courts that the Government was mostly relying on the principle that DNA was taken at the police station, that it was a historical fact and that it was not a big deal. And there were some reports that suggested that DNA samples should be taken from babies at hospitals when they were born because at that point the procedure could be done fairly easily. And of course, you would not need to do it for everybody because of the capability to conduct familial searching with DNA. For instance, 15 to 20 million samples would probably be enough to identify almost anybody in the UK. It might not be that person but it might be their brother. And that clearly was attractive to the UK and I think that that might have come. But now because of the ECtHR judgment that is clearly in retreat now. I mean the Government here is proposing IDentification cards with biometric data on them. I think that is on very shaky ground now. My best guess now is that the Government is not going to go ahead with that, apart from the fact that they are fairly bankrupt. So initially yes, I think the idea was of a blanket coverage DNA database and that probably would have happened but I think now it is unlikely.

Katina Michael: Do you see the collection and storage of biometric data like fingerprints to be equally harmful as the collection and storage of DNA samples or profiles?

Peter Mahy: I do not see fingerprints as being as big an issue as DNA. I think with DNA it is the fear of future uses that worries people and people do not understand exactly what DNA is and what it could be used for. Whereas fingerprints are seen more as a signature and that less pieces could be extracted from it. But I think generally, especially with my clients, they are less concerned about fingerprints or a photograph than they are about DNA.

Katina Michael: I have a PhD student that is co-supervised by me and someone from the medical school that is working on the secondary uses of patient medical data including for instance the use of blood samples to aid in the discovery of cures. Her main aim is to develop a patient consent matrix. What I can say I am witnessing is a major push by the medical field, including medical practitioners and associated suppliers of medicines such as pharmaceutical companies to gain access to large amounts of what was once considered confidential databases in the hope that they can create medical breakthroughs. And there are also now quite a few health databases that contain hundreds of thousands of records and have been created voluntarily by the community adding their personal details to registers. Is it possible that we get to the point that the medical field almost overtakes the criminal/civil proceedings collection of DNA samples?

Peter Mahy: I was talking to some doctors in Leeds about this very topic earlier in the week. Doctors in hospitals are collecting blood samples every day for one thing or another. And I think there is a very important distinction they mentioned to me is that they have to ask the person if they consent at the start. And they also have the right to withdraw their consent and their details and samples taken off entirely in the future. And of course what we are talking about here is taking the DNA without consent and keeping them forever never bothering to take them off. But to me it seems that the big difference is consent.

Katina Michael: And how we would achieve true consent? Would you ask the individual periodically whether they consent to their DNA data being stored on a medical database for medical discovery? Do you ask them every three months? This is a question we are finding hard to answer.

Peter Mahy: In the medical field of course, it may be, I do not know, say in three or four years time that they decide that DNA samples are going to be sold to insurance companies who are very interested in this data especially if you are going to be ill down the track. But at that stage a person might think, I do not want to be on that medical database anymore and I want to be taken off. I think those are the sort of scenarios that will cause the major development because then they could withdraw their consent. For instance, imagine a company who obtains this data and later turns out to be engaged in unethical practices, how would you then withdraw your consent. Again, to me, a major issue here is that you may give your DNA to a limited company who then sends it abroad. I do not really see how you can really control it and to ensure that if you withdraw consent at a later date; that you can indeed really get your DNA back or get it destroyed from the database?

Katina Michael: I am really interested in the role that self-interest groups have had in the S & Marper case from the very beginning to the present time. I have come up with the following groups, and I would like you to let me know if any are missing to your recollection. In no order of importance I have come up with the Nuffield Council on Bioethics, Liberty, GeneWatch, StateWatch, the Genetic Interest Group, and the NDNA Ethics Group, Amberhawk, and Where is Your Data.

Peter Mahy: There is a letter that was written by the interest groups to the Council of Ministers about a fortnight ago. And I think that all of these groups are important because they will influence particular decisions. You should add to your list Privacy International UK, Black Mental Health UK, Action on Rights for Children, and No2ID.

Katina Michael: One thing I am trying to do is to look at the S & Marper case from the view of different stakeholders- the government and policymakers, the citizens, the media, the academic papers that have been written on the S & Marper case such as case comments and notes, and of course, the self-interest groups that are lobbying on behalf of the rights of citizens.

Peter Mahy: To be perfectly honest what happened, is that while we were taking the case through the courts in the UK, we were on our own. In the Divisional Court there was little media interest, and nobody was interested. In the Court of Appeal, Liberty tried to intervene but they could not come to the hearing. In the House of Lords, again, Liberty intervened and they were threatened by the Government that if they did and they came to the hearing there would be costs against them and Liberty was fearful of that. So in fact, Liberty did not come to the House of Lords. So we were really the only ones against the Police and the Government and we were hugely outgunned. It was not until we got to the European Court that Liberty put some submissions in, and importantly Privacy International UK put in some really good work but for the actual ECtHR hearing we were on our own again. There was seriously little back up then, but now that the judgment has come to pass there is a lot of interest from interest groups who are doing good work. Non-government organizations have a right to participate in the Council of Ministers debate, and that is why now they actually have some power.

Katina Michael: Peter, could you tell me how to describe your exact role on the S & Marper case?

Peter Mahy: The solicitor, who acted for the claimant in the S & Marper v United Kingdom case.

Katina Michael: And can I ask, why Mr S and Mr Marper? How did it come to pass that you chose these two individuals? Had they approached Howells LLP? Peter Mahy: So the reality was that South Yorkshire Police had written a letter to all solicitors saying that because the law had changed they were going to keep all DNA samples of people. In other words they were saying- “[s]top asking for the DNA samples to be destroyed.” And then when the email came around and I read this letter, I immediately thought, well that does not really sound right and we should challenge it. And very quickly I had Mr S and Mr Marper in the office who had written to the police asking for destruction of their DNA samples. I think till that point, I do not really think anyone else had really thought about it as the legislation in the UK was just out, and few perhaps saw it as an issue and worth challenging.

Katina Michael: Just as a final summary Peter, what were the tangible/intangible or explicit/implicit impact(s) of the ECtHR ruling on the United Kingdom?

Peter Mahy: Tangible is that the ECtHR ruling has created change and at the moment there is a lot of debate, a lot of talking between parties here. I think in a way it has drawn a line in the sand, and hopefully in the next 10-20 years we will look back and say that was an important case. That that was a case, where we took a good look at what was going on in the UK and put a stop to the erosion of rights.

Katina Michael: Any final comments that you might have on this S & Marper case?

Peter Mahy: I think one thing that is important to mention is how poorly funded we were. We were granted some legal aid from the European Court which was 2,613 euros. That was for myself and the barrister and included traveling expenses. So we were probably looking at something like 600-1 ,000 euro for the both of us, some 200-300 pounds each. It was an immense amount of work- boxes and boxes of documents. But at the same time, the Government lawyers were probably getting paid about 200-300 pounds per hour for the case. And we expect that the UK Government spent hundreds of thousands of pounds, if not millions of pounds just on the hearing. We made a request to freedom of information from the UK Government and they refused them, on the basis that this information was commercially sensitive. I think this just highlights the inequality of people trying to win a case versus the Government and the State. And now that we won the case we got paid fairly reasonably but we are sure, nothing like what the Government got paid. I think it shows the importance of people taking a stand but it is very difficult to communicate that lesson.

Katina Michael: Well, I for one, having researched this case over the last 12 months, am quite in awe of what you have achieved. And I am unsure if you perceive the great importance of S & Marper for other nation states, but this case ruling will set a precedent for others to follow. Thank you for conducting this interview with me.

Well, the owner-manager of the Baja Beach Club visited the United States, and he got the idea while traveling over there and hearing about the trial of the chip implant that was linked to electronic health records. These implants were first being used for the elderly and the sick.